Mikrotik
Gennady, 2016-04-21 15:16:29

L2tp + IPSec, am I using it correctly?

Good day!
1. I use IPSec on Mikrotik in the following way: I bring up an L2TP tunnel from one Mikrotik to another (from one site with a gray IP to another with a white one). After that, I use IPSec to encrypt what goes through the tunnel (i.e., the IPSec policies contain the IPs that the client and server receive inside the L2TP tunnel). Question: how correct is this? Am I using these tools correctly at all? If not, what is the right way?
2. If I am using everything correctly, how do I check that the data inside the tunnel is really encrypted? If entries with IPs and authentication/encryption methods appear in Installed SAs, does this clearly indicate that everything is fine?
Thanks in advance for your replies!

1 answer(s)
Kirill Vasiliev, 2016-04-21
@genana40

1. You encrypt encapsulating traffic; I would do the opposite: hide even the presence of L2TP and encrypt everything (NAT-T can be done with one external address), or use the standard Mikrotik feature, which recently appeared in Mikrotik IPsec, to wind up any tunnel.
2. If the keys are issued, then everything is OK, but if you are paranoid about encryption, then Wireshark is in your hands.
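
As an added illustration of the Wireshark check suggested above (not part of the original thread): a Python sketch that reads a capture taken on the WAN interface and counts what an outside observer sees. Function names, labels and the sample capture are constructed for this example; `l2tp-visible` means UDP 1701 is exposed on the wire, while a tunnel fully wrapped in IPsec shows only `ike`, `esp` or `esp-in-udp`.

```python
import struct
from collections import Counter

def classify(ip: bytes) -> str:
    """Label one raw IPv4 packet captured on the WAN side of the tunnel."""
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return "other"
    ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
    if proto == 50:                              # IP protocol 50: native ESP
        return "esp"
    # Not UDP, truncated, or a later fragment (no UDP header to inspect)
    if proto != 17 or len(ip) < ihl + 8 or (ip[6] & 0x1F) or ip[7]:
        return "other"
    ports, payload = set(struct.unpack("!HH", ip[ihl:ihl + 4])), ip[ihl + 8:]
    if 4500 in ports:                            # NAT-T encapsulation, RFC 3948
        if payload[:4] == b"\0\0\0\0":           # non-ESP marker precedes IKE
            return "ike"
        return "natt-keepalive" if payload == b"\xff" else "esp-in-udp"
    if 500 in ports:
        return "ike"
    return "l2tp-visible" if 1701 in ports else "other"

def read_pcap(data: bytes):
    """Yield IPv4 packets from a classic pcap; non-Ethernet is assumed raw IP."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    off = 24
    while off + 16 <= len(data):
        incl = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        frame, off = data[off + 16:off + 16 + incl], off + 16 + incl
        if linktype == 1:                        # Ethernet
            if frame[12:14] != b"\x08\x00":      # skip non-IPv4 frames
                continue
            frame = frame[14:]
        yield frame

def audit(data: bytes) -> Counter:
    return Counter(classify(ip) for ip in read_pcap(data))

# Constructed sample capture (raw-IP link type 101, zeroed addresses), not real traffic.
def _rec(body: bytes, sport: int, dport: int) -> bytes:
    udp = struct.pack("!HHHH", sport, dport, 8 + len(body), 0) + body
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0) + bytes(8) + udp
    return struct.pack("<IIII", 0, 0, len(ip), len(ip)) + ip
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101) + b"".join([
    _rec(b"\0\0\0\0" + b"\x11" * 28, 4500, 4500),          # IKE over NAT-T
    _rec(b"\x0c\x0f\xfe\x01" + b"\x22" * 40, 4500, 4500),  # ESP in UDP
    _rec(b"\xc8\x02" + b"\x33" * 10, 1701, 1701)])         # bare L2TP
```

Calling `audit(open("wan.pcap", "rb").read())` on a real capture (the file name is a placeholder) gives the same per-class counts; VLAN-tagged frames and pcapng files are outside what this sketch parses.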
